Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/UXx9s6ASc6vfSWxe40Y23Y1ne5w.roa
File:                     UXx9s6ASc6vfSWxe40Y23Y1ne5w.roa (raw, json)
Hash identifier:          0NARc2jFPq8+VYkHwHrbJwockGtUDuvHSDwPPyh6Ews=
Subject key identifier:   51:7C:7D:B3:A0:12:73:AB:DF:49:6C:5E:E3:46:36:DD:8D:67:7B:9C
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01856BCA20C4F1F514971007BCC5DB1B0622
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/UXx9s6ASc6vfSWxe40Y23Y1ne5w.roa
Signing time:             Sun 01 Jan 2023 05:24:46 +0000
ROA not before:           Sun 01 Jan 2023 05:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211252
IP address blocks:        45.141.236.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ca:20:c4:f1:f5:14:97:10:07:bc:c5:db:1b:06:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 05:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=517c7db3a01273abdf496c5ee34636dd8d677b9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cf:1c:17:40:24:e3:3e:57:dc:3c:8c:ab:cd:
                    14:a2:d2:c5:56:d6:f6:13:2a:d4:24:11:17:43:68:
                    cf:15:71:69:88:8e:9b:2b:0d:b7:79:1f:77:e0:10:
                    e5:b4:17:5f:1c:1d:40:9e:6f:b6:9c:9e:56:23:fd:
                    88:a7:90:eb:16:ac:e1:ba:97:03:74:29:ce:9c:c3:
                    20:fd:9a:c6:73:ed:c6:cc:26:84:fa:a2:fe:45:f2:
                    b8:4a:da:70:4c:e1:c0:99:81:b2:f4:64:d5:4d:4a:
                    01:e0:e3:58:d6:8f:7b:91:1d:53:41:bc:f9:f4:d1:
                    2d:e8:41:4f:1f:af:8e:3d:f6:b7:b7:8a:a9:ec:82:
                    be:14:fd:31:00:0d:e4:8e:14:74:6b:46:fe:13:96:
                    3b:bb:6a:20:2c:5a:b1:45:d7:2b:a2:b6:cf:20:24:
                    ed:43:3d:73:4a:d4:42:c0:fc:1a:31:7a:9e:40:b5:
                    08:33:ed:96:ad:f7:6f:07:c5:06:6d:16:bc:4c:32:
                    42:d7:35:62:c1:68:5b:be:b1:34:0b:4f:1d:c7:b2:
                    75:d8:7b:ed:39:5a:72:ba:b7:43:63:19:87:b4:d2:
                    ad:84:c0:2a:d7:f3:96:e6:9a:bd:6a:95:9d:e5:3e:
                    a4:ff:ae:d0:6a:56:8a:a3:c6:9e:5f:66:d9:3a:8c:
                    e9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7C:7D:B3:A0:12:73:AB:DF:49:6C:5E:E3:46:36:DD:8D:67:7B:9C
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/UXx9s6ASc6vfSWxe40Y23Y1ne5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:06:72:85:f9:36:86:11:1d:ab:98:8b:43:34:09:48:0e:fc:
         c1:9e:de:e4:af:90:47:4c:82:f9:99:8a:b7:92:38:87:37:ff:
         1e:6e:d9:3d:cf:4c:b0:45:18:4d:38:7d:3a:cc:9a:39:02:d4:
         df:86:2f:e6:43:b0:25:76:18:64:de:44:84:d7:dc:2c:2c:08:
         b1:72:21:54:79:99:39:46:19:c7:8c:e2:9f:b0:31:25:20:f1:
         ac:f2:65:32:33:b5:6e:8a:df:9c:03:e5:7e:40:01:d6:a9:c3:
         41:5f:7d:f1:fc:18:6a:98:14:db:dc:c3:85:35:08:5f:f0:3a:
         5a:66:d0:6d:e5:64:e1:f6:63:08:bc:d7:d2:58:1e:58:da:3c:
         bf:d3:ab:d0:15:fe:66:64:d7:b2:5e:9d:29:6f:b7:cb:25:0f:
         c8:f0:c4:8b:71:03:92:f4:9d:bb:54:56:68:55:43:09:15:a9:
         55:43:84:bd:1a:a1:25:50:e9:1d:56:0e:e4:50:89:c6:fe:83:
         df:ec:78:20:c8:22:cd:10:6a:b7:62:d3:37:10:44:36:4a:ef:
         79:4d:02:ae:a4:a8:44:86:96:3f:24:8b:a2:68:0f:24:a0:58:
         98:9a:e6:ca:32:1f:56:f9:7d:3a:8a:90:98:b6:05:16:44:56:
         16:a9:1f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVryiDE8fUUlxAHvMXbGwYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMTAxMDUyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdjN2RiM2EwMTI3M2FiZGY0OTZjNWVlMzQ2MzZkZDhkNjc3YjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM8cF0Ak4z5X3DyMq80UotLFVtb2
EyrUJBEXQ2jPFXFpiI6bKw23eR934BDltBdfHB1Anm+2nJ5WI/2Ip5DrFqzhupcD
dCnOnMMg/ZrGc+3GzCaE+qL+RfK4StpwTOHAmYGy9GTVTUoB4ONY1o97kR1TQbz5
9NEt6EFPH6+OPfa3t4qp7IK+FP0xAA3kjhR0a0b+E5Y7u2ogLFqxRdcrorbPICTt
Qz1zStRCwPwaMXqeQLUIM+2WrfdvB8UGbRa8TDJC1zViwWhbvrE0C08dx7J12Hvt
OVpyurdDYxmHtNKthMAq1/OW5pq9apWd5T6k/67QalaKo8aeX2bZOozpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFF8fbOgEnOr30lsXuNGNt2NZ3ucMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvVVh4OXM2QVNjNnZmU1d4ZTQwWTIzWTFuZTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY3sMA0G
CSqGSIb3DQEBCwUAA4IBAQBsBnKF+TaGER2rmItDNAlIDvzBnt7kr5BHTIL5mYq3
kjiHN/8ebtk9z0ywRRhNOH06zJo5AtTfhi/mQ7Aldhhk3kSE19wsLAixciFUeZk5
RhnHjOKfsDElIPGs8mUyM7Vuit+cA+V+QAHWqcNBX33x/BhqmBTb3MOFNQhf8Dpa
ZtBt5WTh9mMIvNfSWB5Y2jy/06vQFf5mZNeyXp0pb7fLJQ/I8MSLcQOS9J27VFZo
VUMJFalVQ4S9GqElUOkdVg7kUInG/oPf7HggyCLNEGq3YtM3EEQ2Su95TQKupKhE
hpY/JIuiaA8koFiYmubKMh9W+X06ipCYtgUWRFYWqR9q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:24 2024 by rpki-client on console-ams.rpki-client.org